Large insurance company solves long-standing security problem using Cloud-Delivered SD-WAN.
A large insurance company deploys a strong security solution, and at the same time gains scalability and ease of deployment. With a private, on-premise cloud, they host their own devices, and also derive significant benefits in reduced new-site activation time, centralized business policy management, PKI infrastructure management, VPN simplicity and cloud-readiness for future off-premise applications.
This large insurance company has tens of thousands of sites, deploys new sites on an ongoing basis, and maintains many thousands of agents working across these sites. The company faced ongoing challenges with deploying new sites and managing their security infrastructure. Because the company operates in the insurance arena, security is fundamental to their business objectives.
The company wanted a Public Key Infrastructure (PKI), prized for its security strength, but tying their VPNs into their Microsoft-based CA (certificate authority) servers presented such staggering complexity that they abandoned the goal after a year’s worth of failed attempts to get it working and settled instead for a less-secure pre-shared key solution. In choosing this route, they would not be the first or only Fortune-500 company to compromise security to gain the benefits of a simplified network architecture, smoother site deployment, and gains in application performance.
While the pre-shared key infrastructure proved easier to roll out and manage, it did not scale to the size of their network, and it did not offer the level of security required.
SD-WAN Solution Choices
Being a large, established business, the company opted to build a private, on-premise SD-WAN cloud, hosting their own edge, hub, controller and orchestrator devices. They used the Velocloud zero-touch site activation capability to dramatically simplify the roll-out of new sites, built a framework to codify their business policies, and used the orchestrator to manage, coordinate updates, and distribute these to all sites.
Velocloud security infrastructure enabled them to deploy a PKI solution that was both scalable and easy to manage. The solution encompasses a workflow ensuring automatic key rotations, and device certificates (used for VPN tunnels) are anchored into the Velocloud orchestrator CA. Everything is built-in and there is no need to tie into any external devices.
Benefits and Results
This company realized the following benefits from choosing a Velocloud cloud-delivered SD-WAN solution:
- Strong PKI security infrastructure that provides a better security solution than pre-shared keys
- Scalable security infrastructure
- Dramatic simplification in defining and managing VPNs, keys and digital certificates
- Significant reduction in the time needed to roll out new sites, and easier management of the roll-out, with security immediately enabled
- Consolidating business policies into a comprehensive central repository
- Easily managing the distribution of business policies across the thousands of sites
- Being cloud-ready with their SD-WAN infrastructure such that they can add future off-premise cloud applications to their network with a click on the orchestrator
- Dramatically reducing the time to get a new site up and running